The patches are included in Adobe AIR version 3. The two Flash Player vulnerabilities were also fixed in Adobe AIR, a runtime for rich Internet applications that has Flash support.
#Adobe shockwave flash player update
The Flash Player versions bundled with Google Chrome, Internet Explorer 10 and Internet Explorer 11 will automatically be updated through those browsers' update mechanisms. Tuesday's update, though, moved the Windows and Macintosh versions of Flash Player to version 11.9.900.170, and the Linux version to 11.2.202.332. Some mitigation for this type of exploit exists since Flash 11.6, which introduced a click-to-play feature that requires users to confirm the playback of Flash content embedded in documents when opened in Microsoft Office versions older than Office 2010.
#Adobe shockwave flash player code
If exploited successfully, both vulnerabilities can lead to arbitrary code execution allowing attackers to take control of the affected systems. A memory corruption flaw tracked as CVE-2013-5332 was also fixed.
That CVE (Common Vulnerabilities and Exposures) ID refers to a type confusion vulnerability fixed in the new version of Flash Player. "Adobe is aware of reports that an exploit designed to trick the user into opening a Microsoft Word document with malicious Flash (.swf) content exists for CVE-2013-5331," the company said in a security advisory. Adobe patched several vulnerabilities in its Flash Player and Shockwave Player on Tuesday, including one for which an exploit is already available.
0 kommentar(er)
